package com.zhuyp.shiro.filter;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;

import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.web.filter.AccessControlFilter;

import com.zhuyp.shiro.utils.HmacSHA256Utils;

public class MyShiroFilter extends AccessControlFilter {

	@Override
	protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object arg2) throws Exception {
		return false;
	}

	@Override
	protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception {
		String username = request.getParameter("username");
		String password = request.getParameter("password");
		AuthenticationToken token = new UsernamePasswordToken(username,HmacSHA256Utils.digest(password));
		getSubject(request,response).login(token);
		return true;
	}

}
